Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DSLReports Study: 8 Hours 'til the Spam Hits

timothy posted more than 12 years ago | from the upcoming-spam-death-of-the-universe dept.

Spam 348

Masem writes: "In a rather interesting study at DSLReports, it was observed that email addresses published on a web site recieved spam within 8 hours of being posted, showing how aggressive the harvesters are working. In particular, a special link was set up on the main page that by following the link, the site generated an email address that was trackable to the IP that called the link, and not published anywhere else at any time. In the specific case, in only 8 hours after the email address was created, it had recieved spam; since that time about 9 months ago, it's gotten around 100 pieces. Given the time and source of most of the emails, the authors believe that they've simply got someone at one end of a home broadband pipeline using open relay mail servers, and most likely being paid to redistribute spam on the email addresses they harvest."

cancel ×

348 comments

Sorry! There are no comments related to the filter you selected.

Hmm... (1)

The Great Wakka (319389) | more than 12 years ago | (#3023062)

Someone should try and set up another study... Anyone up for the job? This seems too slow for the spammers, and I suppose it matters what kind of site you post your email address on.

Re:Hmm... (0)

Anonymous Coward | more than 12 years ago | (#3023092)

Spammers should all die a painfull, horrible, disgusting, public death, the motherfuckers.

Re:Hmm... (5, Interesting)

dagoalieman (198402) | more than 12 years ago | (#3023107)

How about we put FBI and CIA email addresses up, or *.gov, and see how long until the spammers are raided?? I bet it could even be before that first spam gets out if we use the right addresses/web links..

I bet that time period for harvesting goes down pretty quick.. :)

.

Re:Hmm... (1)

smcv (529383) | more than 12 years ago | (#3023181)

Heh. Was it uce@doj.gov or something that the US authorities set up as a sort of national abuse@domain equivalent?

Re:Hmm... (5, Informative)

no reason to be here (218628) | more than 12 years ago | (#3023205)

the e-mail address is uce@ftc.gov

Re:Hmm... (2)

Moonshadow (84117) | more than 12 years ago | (#3023377)

Whenever I receive an email from a spammer with one of those "click here to remove your email" links, I paste it into the browser, feeding in uce@ftc.gov as the email instead. Since those forms just feed into the spammer's "sucker" lists, it saves me the trouble of having to forward the email to them - the spammers just do it for me. Hitting up uce@ftc.gov 19 times a day - lets see how quickly they're put outta business :)

I'm working on a script that will let me send unsubscribe emails with uce@ftc.gov as the from header as well.

Any other ideas on how to abuse spammers?

Re:Hmm... (-1)

MMMMMMMMMMMMMMMMMMMM (537317) | more than 12 years ago | (#3023212)

Why should No Such Agencies fucking care about receiving spam? You would probably be the one getting busted for collecting their addresses with unlegitimate intents.

Re:Hmm... (1)

dagoalieman (198402) | more than 12 years ago | (#3023331)

They wouldn't care about the spam- but anyone who contacts them gets pretty switfly investigated, especially in our post 9/11 world.

And yes, I'd prolly get in big trouble too. I'd have to consider pretty closely the benefits of getting some of that crap stopped... When I first got online, I was extremely sheepish.. I've learned since, but it doesn't matter, my name's already out to every spammer in the world.

As I make new accounts and new rules, spam still comes at me. So.. what's better.. getting in trouble but finally being able to have an email account where you can distinguish the real mail from the spam (because of the volume), or not?

To each one his own opinion.

.

Re:Hmm... (2)

BrookHarty (9119) | more than 12 years ago | (#3023223)

Actually, I wonder what the stastics on spam for government email addresses. If spammers just put *.gov in the ignore lists.

Are there any government employees who can comment on this?

Re:Hmm... (2, Insightful)

dagoalieman (198402) | more than 12 years ago | (#3023298)

That could be a fun one too.. set up an email address in your domain, set forwarding on the account by rule/filter/whatever equiv for your email system so that it goes to uce@fbi.gov or whatever that spam collector address was. Or find a higher up address to send to, even. (Like an employee for the FBI who has no SSN, Name, DOB...) Just add a little script to tag into the email before forwarding that says "This person was inquiring about you.. thought you'd be interested.."

You know, even mentioning that idea, I'm suprised I haven't gotten a knock at my door already.. :)

You've got a good point though- I would imagine that .gov addresses get blacklisted, but on the otherhand I know some people at the state level who get spam at their addresses. So we'd at least get rid of the so-stupid-they-can't-spam-right people.. :)

.

Slashdot causes this problem. (-1)

Frank White (515786) | more than 12 years ago | (#3023115)

It was only 4 days ago [slashdot.org] that Slashdot posted an individual's email address in a hyperlink on the front page. (It was "pat at sourceforge dot net".) This is the site where the majority of the users, being computer-savvy, don't EVER post their email addresses in plaintext. It makes me sick how inconsiderate the editors here can be.

Yep, (-1, Offtopic)

Hercynium (237328) | more than 12 years ago | (#3023063)

All your emails are belong to us!

(I just had to... I was inspired by the Main St. Wakefield Jiffy Lube!)

Re:Yep, (-1)

Ralph Malph Alpha (551824) | more than 12 years ago | (#3023074)

Oh hush. Keep it down now. Voices carry.

Lockheed Marin (4, Insightful)

irony nazi (197301) | more than 12 years ago | (#3023071)

When I started working for Lockheed Martin, I had 4 spam emails in my mailbox that was delivered prior to my first day of work. In addition to this, I had 2 personal (they seemed personal IT related) job offer emails in my mailbox, also from prior to my first day of work. Both from recruiting companies.

Re:Lockheed Marin (-1)

MMMMMMMMMMMMMMMMMMMM (537317) | more than 12 years ago | (#3023248)

Please spare us your wishful thinking. You never worked for Lockheed Martin. You couldn't janitor your way out of a paper bag.

Re:Lockheed Marin (0)

Anonymous Coward | more than 12 years ago | (#3023337)

Lockheed Marin

Lol, is that a joint venture between Lockheed Martin [lockheedmartin.com] and Cheech Marin [eonline.com] ?

Jes bustin' yer chops...

To Spammer, please Harvest these addresses: (3, Interesting)

nitemayr (309702) | more than 12 years ago | (#3023073)

GOp@Tohell.com
LeaveMe@lone.com
Kissmy@ss.com
All of which I have used to registery sofware in the past.
Hughj@ss.com is still waiting for his free natural viagra as I write this.

Re:To Spammer, please Harvest these addresses: (1)

c0wh (445032) | more than 12 years ago | (#3023127)

I'm willing to wager that tohell.com, lone.com, and ss.com are not too happy with you. If I give a fake address, I'll usually give one with a domain name that the company owns. Thus: youbastards-suckass@real.com

A past owner of domain.com once had a desperate plea for people to stop using "user@domain.com" and similar email addresses.

Re:To Spammer, please Harvest these addresses: (0)

Anonymous Coward | more than 12 years ago | (#3023184)

The only one that is supposed to be off limits since it will not be used is example.com.

[I once had an ICQ session with the owner of mydot.com that also had some strong feelings about SPAM; seems that some ppl on usenet were using mydot.com as their forged addresses]

Re:To Spammer, please Harvest these addresses: (5, Insightful)

keesh (202812) | more than 12 years ago | (#3023186)

I tend to go for postmaster@localhost, or, failing that, postmaster@127.0.0.1. You can also try other names -- root and webmaster are also good fun.

Re:To Spammer, please Harvest these addresses: (5, Insightful)

hendridm (302246) | more than 12 years ago | (#3023129)

Hmmm, using these sorts of e-mail addresses can lead to annoyances to legitimate domain owners. For awhile I remember the owner of junk.com, which seems to no longer exist, posting complaints about people type "whatever@junk.com" when they register software. It seems his servers were hit or something.

I always like to use the webmaster's e-mail account when registering software. For example, if I was registering software on widgets.com, I might use the e-mail address "webmaster@widgets.com" or "abuse@widgets.com" to register the software.

I feel torn, as I want to support free software vendors by allowing them to make money, but I just don't want my e-mail address to be sold for spam. Ever. I also don't want those annoying newsletters that I could care less about unless I *explicitely* ask for it (and not be tricked or required by default).

Re:To Spammer, please Harvest these addresses: (5, Interesting)

foobar104 (206452) | more than 12 years ago | (#3023314)

I remember the owner of junk.com, which seems to no longer exist, posting complaints about people type "whatever@junk.com" when they register software. It seems his servers were hit or something.

A good alternative is to use the domain "example.com." IANA (Internet Assigned Numbers Authority) holds the names "example.*" in reserve for use as (you guessed it) examples. It's been that way since at least 1995.

So an email of the form "foo@example.com" is perfectly valid... and can never be the recipient of email.

Re:To Spammer, please Harvest these addresses: (0)

Anonymous Coward | more than 12 years ago | (#3023340)

Most of the single letter domains are reserved as well. I think all but q, x, and z.com are held by IANA now.

Re:To Spammer, please Harvest these addresses: (3, Funny)

TRoLLaXeR (559614) | more than 12 years ago | (#3023344)

Years ago, I had been using bob@bob.com as a generic email address to enter whenever I feared receiving spam. As I recently discovered, there really is a bob@bob.com. (The address was formerly owned by someone at Microsoft, if I recall correctly.)

I'm sorry, Bob. So very, very sorry.

DMCA: Can it be leveraged here? (1)

nick_danger (150058) | more than 12 years ago | (#3023397)

Your .sig sparked the thought:

Suppose you post on a web page some email addresses that were "encrypted" by inserting the string "NOSPAM" somewhere in the email address. Suppose further, that the page contains a suitable copyright notice to protect the "encrypted" content of the page. It's not entirely unreasonable to think that the harvesters are smart enough to strip out the "NOSPAM" from the email address, right? So suddenly, the spammer is using information gained by illegally circumventing an encryption device (illegal if they haven't been granted a license to do so, right?). Hence, the spammer is in violation of the DMCA.

Can anyone that IAL comment on whether this is a viable approach for dealing with spammers?

Re:To Spammer, please Harvest these addresses: (4, Funny)

Roundeye (16278) | more than 12 years ago | (#3023401)

I always use real addresses, just those of the people I think more likely to be interested in cheap Viagra, weight loss, and 12-year old girls:
hotline@mpaa.org and cdreward@riaa.org.

Vigilante Justice (1, Funny)

Alban Caradoc (557833) | more than 12 years ago | (#3023080)

...would be for their ISP to go thru their logs and tell you the subscriber name and address of the offending little turd and kick their door in within 10 hours ;)

Re:Vigilante Justice (0)

Anonymous Coward | more than 12 years ago | (#3023351)

great idea. why not grab the ip of the spider, run some reverse lookup and toast his machine. but that misses the root of the problem. all those paper signs up around town that say "Own a computer? Make (insert enticing but fictional number) from home!" are the real cause of our collective spam woes. they're the ones who sell this crap to people. it is they who should pay. lets start a slashdot pool and collect money to put a bounty on the head of anyone writing or distributing spam software. I'm sure I could dig up a couple bucks for such a worthy cause. anyone know how we can contact the crew of the Bebop?

Linux? (-1)

Serial Troller (556155) | more than 12 years ago | (#3023087)

Linux. You know what? NO ONE CARES. Linux is a gigantic piece of SLOP. It's like a LOG OF DOGSHIT floating in cat urine. A stinking LOG OF DOGSHIT covered in maggots floating in cat urine. It crashes. It OOPSES. It locks up, it hangs, it randomly corrupts my FUCKING filesystem. I'd rather have my TESTICLES TORN OFF with a hot pair of serrated pliers than run Linux on my FUCKING computer again! It's an absolute pile of SLOP dribbled out of LINUS TURDBALLS's and ANAL COX's cocks during one of their HOMOSEXUAL FAGGOT ORGIES.

I think the summary is misleading... (4, Interesting)

Tom7 (102298) | more than 12 years ago | (#3023090)


The email address wasn't harvested 8 hours after being posted, it was sent spam 8 hours after being harvested.

What would be more interesting is to find out how long it takes with your address on the web before it gets entered into the various lists...

Re:I think the summary is misleading... (1)

spt (557979) | more than 12 years ago | (#3023109)

When the time is as low as 8 hours, the difference is pretty academic.

Re:I think the summary is misleading... (2, Insightful)

MindStalker (22827) | more than 12 years ago | (#3023148)

Well remember the guy put up generated email addresses, meaning each address could be datetime/ip stamped as to when it was harvested. So basically when he got spam it was as little as 8 hours after that generated email address was created. I do wonder what the time span from when the site when up till the first harvester hit, and maybe a nice graph of time up/number of harvesters would be interesting.

Very interesting (5, Interesting)

InterruptDescriptorT (531083) | more than 12 years ago | (#3023094)

While this study is very interesting, what I'd like to see more posted about is how often an e-mail address, unpublished on the Web but used for e-commerce, becomes the target for spam. Whenever I post something where the e-mail address goes up on a Web page, I sufficiently de-spamify it so that the harvesters won't know what to do with it (i.e. it's an obfuscated form of my address). But what really gets me is when I used my e-mail address for getting e-commerce confirmations, important for verifying orders, etc., and find that address the target of spam, even when I decline it.

I also find it handy to have a 'spamdrop' account, which is just another e-mail alias on my host, for signing up for one-off things, like chat, games, etc. That account fills up incredibly quickly; I receive on the order of 50 spams/day at that address. Wow...

Re:Very interesting (3, Insightful)

Anonymous Coward | more than 12 years ago | (#3023161)

Like many domain owners, I have a catch-all email address set up. So when I register I generate a new email address every time. And I link back when I get spam. It's not perfect - sites can leak my address fairly innocently (Salon on its chat pages, for example).

IME, very few ecommerce sites spam. And almost all of those are obviously from the company I gave the email to.

Note: I don't live in the USA, so don't deal with some of the more egrarious spammers.

Re:Very interesting (2)

Fjord (99230) | more than 12 years ago | (#3023199)

I put in a separate alias for each service I subscribe to. That way I can tell who has sold my address. It also allows me to drop that specific address from my alias list, allowing me to keep the other ones still working but not having to sift through the spam (which is useful for announcements and for sites like eBay where it sends ligitimate notifications). I have one for my wife to use on usenet too. Once that one gets too much spam, I'll change it slightly. that way you can still reply-to and have it get to her.

For those who don't know how, you just add a line in /etc/aliases.
alias: account

One of the advantages of running your own SMTP server. I use DHS [dhs.org] for my (free) domains and am running this on a home network off a cable modem w/ linksys router. No, it's not an open relay.

Re:Very interesting (3, Informative)

tandr (108948) | more than 12 years ago | (#3023237)

http://www.sneakemail.com [sneakemail.com]

I am VERY satisfied user.

Oh, and for some annoyances http://www.spamcop.net [spamcop.net] do the job really well.

Troll Trapper (0)

Anonymous Coward | more than 12 years ago | (#3023323)

There's a program called Troll Trapper" [trolltrapper.com] that supposedly helps alleviate the spam sent to published email addresses. I haven't used it, but have heard success stories.

crack (0)

Anonymous Coward | more than 12 years ago | (#3023379)

here's the crack: http://cracks.am/d.x?37598 [cracks.am]

Re:Very interesting (1)

VertigoAce (257771) | more than 12 years ago | (#3023384)

My email address is available on 222 pages according to Google. Despite that, I haven't gotten any spam in the past 6 months from any company. I do receive a few commercial newsletters, but I specifically opted-in for those. This is with Verizon DSL. In the past I received a fair amount of spam when using ATT's WorldNet service (that address is on 315 pages; I sure hope no one else signed up with my old email ID).

Re:Very interesting (1)

Jah-Wren Ryel (80510) | more than 12 years ago | (#3023398)

Perhaps verizon is doing spam filtering. Lots of ISPs do it without telling their users. Makes you wonder what legit messages get silently filtered too.

That's nothing... (3, Funny)

gUmbi (95629) | more than 12 years ago | (#3023097)

What's the average length of time between a slashdot posting and the subsequent DoS attack on the linked site?

Jason.

Re:That's nothing... (2)

discogravy (455376) | more than 12 years ago | (#3023185)

they would have statistics on this already on their page, but their server is being slashdotted right now...oops.

What's the average... (1)

ackthpt (218170) | more than 12 years ago | (#3023382)

Stop! Who approaches the Bridge of Death must answer me these questions three!
What... is your name?
Arthur: It is 'Arthur', King of the Britons.
What... is your quest?
Arthur: To seek the Holy Grail.
What's the average length of time between a slashdot posting and the subsequent DoS attack on the linked site?
Arthur: What do you mean? An American or European attack?
Huh? I-- I don't know that! Auuuuuuuugh!
Bedevere: How do know so much about slashdot effects?
Arthur: Well, you have to know these things when you're a king, you know.

Spammed by the best (3, Funny)

reparteeist (533894) | more than 12 years ago | (#3023101)

Damn that Bernard Shifman! Will he never learn?

Interesting story I would say (-1, Flamebait)

Anonymous Coward | more than 12 years ago | (#3023105)

And kind of fitting you might say. CAUSE I AM THE ONE BEHIND IT ALL! HAHAHHAHAHAHAHAH! Now that I have had a good laugh, it's time for me to collect email's of Slashdot users! No fucking email filter is going to stop me cause I have updated my harvesters to ignore all the different spam blocking messages Slashdot uses.

Have a nice inbox full of SPAM you fucking LUSERS!

How? (3, Interesting)

SevenTowers (525361) | more than 12 years ago | (#3023110)

On 6.26am the morning of May 13th, 2001, the link is hit from IP 24.1.197.144 - a residential cable modem in Arizona

Google is big. Google has a very fat spider going around. Google definitly does not check a nowhere webpage as soon as it is created! How can somebody on a cable account (limited bandwith?) scan pages at a high enough rate that they hit an almost invisible webpage soon after it was created? Big machine, big connection? spoofed IP?

Is this business really so lucrative that people are willing to spend hours working on it? It'd like to have some stats on how many people actually subscribe to the "services" advertised for in spam. I know a spider is not a lot of maintenance once setup and the distribution cost for the spammers is almost null because they make everybody else pay for it, but where the hell do they get the profit...

Re:How? (1)

c0wh (445032) | more than 12 years ago | (#3023157)

It was just luck, I imagine. There are probably many cable users scanning many pages. A spoofed IP wouldn't be very useful (or even very possible) except to someone with a computer located very near the web server. You would need the results of the web page sent to your actual IP address, or you would not get to harvest any web page content.

maybe (1, Interesting)

Anonymous Coward | more than 12 years ago | (#3023167)

THey don't need to work like google. Not that I am a spamspider developer, but my guess is that they scan IPs and connect to port 80. If they get a reply they follow all the links and snatch anything with an @ sign. It's incredibly simple and 8 hours seems reasonable. Try setting up a new web/ftp/mail server and look at the logs how much time it takes before they've been scanned. 8 hours is even to much. They probably got harvested much faster than 8 hours but got the first SPAM in 8 hours.

posting anonymously not to fatten my fat fat kharmah.. ;-)

CH

mod parent up +1 Probably (0)

Anonymous Coward | more than 12 years ago | (#3023175)

(n/t)

*lol* mod parent up +2 thankfull (0)

Anonymous Coward | more than 12 years ago | (#3023198)

NT = no text

Re:*lol* mod parent up +2 thankfull (-1)

MMMMMMMMMMMMMMMMMMMM (537317) | more than 12 years ago | (#3023278)

You are right

NT = no text, only GUI
Linux = peice of shit dinosaur

Re:How? (1)

CH-BuG (55283) | more than 12 years ago | (#3023172)

Maybe it's the same effect than when a machine gets hacked by a script kiddy only hours after being put online: it's quite easy to download a kit that helps you scanning random addresses or web pages... therefore there are more spammers than servers on Google's clusters...

Re:How? (2)

yesthatguy (69509) | more than 12 years ago | (#3023207)

The article doesn't mention how long it took from when the hidden page was put up to when it was hit; it only looks at the time after that. For all we know after reading the article, that link could have been up for a year before it got a hit. However, since it was presumably linked from a reasonably major site (DSLReports), that probably increases the chances that it would be found quickly. All it takes is for one guy sitting at home to type dslreports.com in to his harvester (or some site that links to dslreports.com) and they find the link. The probability of that happening at a major website, given enough time, is quite large, I'd fathom.

Re:How? (3, Insightful)

Arker (91948) | more than 12 years ago | (#3023294)

Google has to do a lot to process a page. It tries to analyze the content, it crossreferences complex networks of linking, building a very complicated database for searching.


A spammer-spider can be much more simple, and thus move much more quickly. All it is interested in are email addresses. Period.


Random E-mail address? (3, Interesting)

Peyna (14792) | more than 12 years ago | (#3023114)

I'm curious how random the e-mail address was. If was something like 'bob79@', then I would expect it to receive spam regardless of being harvested.

I used to have an e-mail address that was andrew@, it was great for a year or two. I still have it, but I do not retrieve the messages since it receives 30+ SPAM messages per day. My other e-mail address is my first initial + last name, and my last name is rare enough that I get maybe 1 Spam message per month.

a test (0)

Anonymous Coward | more than 12 years ago | (#3023118)

AIM screenname - hssa81

Look what i found! (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3023119)

You thought it was gone, but you were fucking wrong!

buttse.cx [slashdot.org] !

So it has all come to this? (1)

0-9a-f (445046) | more than 12 years ago | (#3023120)

Many years ago, at the start of the whole Dot-Com boom, sages could foresee the start of a cottage industry of Internet content development.

I am certain those sages had no idea how accurate they were to be - a shame the successful industries turned out to be address harvesting and spam generation :o(

8 hours! (0, Troll)

gnovos (447128) | more than 12 years ago | (#3023121)

Amazing, simply amazing!

I wonder what took them so long?

This + Giant laser of death (2, Funny)

Qwerpafw (315600) | more than 12 years ago | (#3023128)

The solution to spam is that Giant laser of death the airforce just got. Tie it to the email system, so once a spammer is identified, they become toast. Literally.

Sheesh, though, I hate spam. I get like 10 spam a day at my real email address, which people only can discover by talking to me (I don't post it or give it out for obvious reasons).

Maybe some kind of bulk-email tax could be imposed.... Even though I am firmly against internet tax, I think making the spammers pay for the mail (ala-junk mail via postal system) is the only solution.

They randomly attack servers, too. (2)

King_TJ (85913) | more than 12 years ago | (#3023130)

Not only are addresses harvested quickly, but it's amazing how often they'll use a brute-force attack. This is how some email spam ends up in new employee mailboxes.

I've seen it while administering our own Exchange server. They'll try all sorts of common name combinations (such as rsmith@, tsmith@, jsmith@, etc.) in the hopes that some of them exist.

They know your domain is valid - so they never lay off trying to stuff garbage in any valid boxes on the site they can hit.

other spammer harvesting tricks (1)

sillysally (193936) | more than 12 years ago | (#3023132)

i host a number of different domains. i was using the /etc/aliases file for different users, but that means that sally@foo.com and sally@bar.com are the same person because the aliases file just has the sally part.

the result of doing it this way indicates that the spammers figured out what names I was hosting with no posting of any addresses on any website. Because, if there is a osama@bar.com but email comes to osama@foo.com, somebody must have "read" my aliases file (which doesn't contain the "foo" or the "bar" part). Mail does not come to random names at the wrong domains, just to the right names at the wrong domains.

do they connect up to my server and try many different combinations exhaustively, using an RSET in between so they don't actually need to send and email? or do they have some way to connect to my server and directly suck down my aliases file?

Re:other spammer harvesting tricks (1)

MavEtJu (241979) | more than 12 years ago | (#3023191)

i host a number of different domains. i was using the /etc/aliases file for different users, but that means that sally@foo.com and sally@bar.com are the same person because the aliases file just has the sally part.

Instruct your MTA to use a different alias-file for the MTA related mail and a different alias-file for system-related mail.

So for system-related mail, use /etc/alias which translates root,postmaster,abuse etc to a real user (foo@bar.com).

For MTA related mail, use an alias file which knows that alice@bar.com has to go to alice, but the alice@blaat.com doesn't exist.

I know that PostFix uses the file virtual-agent for it: virtual - Postfix virtual domain mail delivery agent. I assume that Sendmail (and other MTAs) have the same features.

But it's all related to splitting system-related aliases and MTA-related issues!

Re:other spammer harvesting tricks (2)

topham (32406) | more than 12 years ago | (#3023293)

I'm convinced they create a list of names, (anything before the @) and a list of domains, (anything after the @) and submit ALL names to all domains.

I say this because of mail I have which contains a dozen variations on my address in 'Apparently-To' entries in the mail.

How to foil email harvesters (2, Insightful)

grunby (90338) | more than 12 years ago | (#3023136)

Something like WPoison [monkeys.com] has to be used more often. Until a higher percentage of harvested emails are faked, these web spiders will continue roaming the web, adding email addresses to their collection.
- grunby

Re:How to foil email harvesters (1)

Bongfish (545460) | more than 12 years ago | (#3023383)

Wouldn't using that bring your server to it's knees? From a brief read of it, it traps spiders in an endless loop by generating infinite, recursive links on your site.

New use for this? (5, Interesting)

iamplasma (189832) | more than 12 years ago | (#3023140)

Could this technique be changed. Rather than generating a mailbox for the spam to go to, based on IP, instead generate the abuse address for the IP's netblock owner.

That way, whoever is running the spider can start spamming direct to the abuse address, saving the site owner from having to report them. :)

Re:New use for this? (1)

sinserve (455889) | more than 12 years ago | (#3023231)

abuse, root, postmaster, 127.0.0.1, localhost, etc.

How many "tricky" emails can you form out of those?
chances are, they call can fit into an array, and
looked up against. any name that sounds tricky,
is dropped on the spot.

--

Urgh, should have previewed. (1)

sinserve (455889) | more than 12 years ago | (#3023243)

> they call can fit into an array, and

they ALL can fit ...

Re:New use for this? (0)

Anonymous Coward | more than 12 years ago | (#3023326)

Yes, spammers _could_ filter out postmaster@*, abuse@*, etc, the simple truth is, most of them are too stupid to do so.

I am the postmaster for about 500 domains.

Recently there was some fuckwit that sent their spam to hundreds of our postmaster@ addresses.. How stupid can you get?

Re:New use for this? (0)

Anonymous Coward | more than 12 years ago | (#3023301)

Thats a smart idea indeed, {insert "if I still had mod points" phrase here}

Does SPAM work? (2)

microTodd (240390) | more than 12 years ago | (#3023154)

I for one am curious if a spam e-mail has EVER worked. Why do so many people spend so much time and money working on spam technology? SOMEONE out there must be buying things from spam ads.

Re:Does SPAM work? (1)

Peyna (14792) | more than 12 years ago | (#3023188)

Half the spam I get is about how to get e-mail addresses to send more spam. Hey, it sounds like the same business plan as banner ads! =]

Re:Does SPAM work? (0)

Anonymous Coward | more than 12 years ago | (#3023241)

I avoid companies who send me spam at all costs.

Re:Does SPAM work? - Yes (2, Informative)

nuggz (69912) | more than 12 years ago | (#3023260)

Yes, it does work.
Last I heard they would get a response of something like 0.02-0.05% of the time
That is 2-5 for every ten thousand spams.

They don't care, send out a few hundred thousand spams, get a few hundred responses, they can make money.

Shortly after it stops working, people will stop spamming.

Re:Does SPAM work? - Yes (1)

iamplasma (189832) | more than 12 years ago | (#3023389)

It probably depends a lot on the spam too. Perhaps a unique spam may get a tiny number of responses, but the 500th "make money fast" to arrive in my mailbox isn't going to get much more luck than the first 499. While I have seen the 0.02% figure elsewhere, I do remember other testemonials that it basically gets no responses whatsoever.

Revenge! (0)

Anonymous Coward | more than 12 years ago | (#3023155)

askbill@microsoft.com!

Only if you're not on AOL (2, Informative)

MoneyT (548795) | more than 12 years ago | (#3023164)

If you're on AOL, you get it within minutes of entering a chat room or accessing any AOL specific content

You might try this... (1, Interesting)

niftyeric (467236) | more than 12 years ago | (#3023169)

This has worked for me so far. I don't know how many bots or whatever actually click the link, but assuming they don't, this works for me. :)

<a href="#" onclick="Goto()">email</a>
<script language="javascript">function Goto() { var f1 = "your"; var f2 = "email"; var f3 = "@"; var f4 = "here"; var f5 = "org"; self.location.href= "mailto:" + f1 + f2 + f3 + f4 + "." + f5 + "?subject=email lala"}</script>

Of course, you could extend this out to each letter, but why?

Thanks for the info (1)

ackthpt (218170) | more than 12 years ago | (#3023171)

I'm going to remove my email address from my webpages. If anyone wants to reach me, I'll do like people on here do, fudge it up a little :)

Bounce the spam (1)

Penrod Pooch (466103) | more than 12 years ago | (#3023189)

Ever since I started bouncing all spam I've seen a drastic decrease in incoming crap. They don't seem to like that.

Mod this question up, please. (4, Interesting)

Lendrick (314723) | more than 12 years ago | (#3023281)

How exactly does someone running a standard Windows install go about faking an email bounce? Or on Linux?

Lendrick

Re:Mod this question up, please. (2, Interesting)

AragornSonOfArathorn (454526) | more than 12 years ago | (#3023393)

This is why I love Mac OS X's Mail program... There is a menu option to bounce email :-) Why doesn't M$ put this in Outlook? Maybe they don't want people bouncing their (Microsoft's) spam?

Solution? (5, Interesting)

gnovos (447128) | more than 12 years ago | (#3023217)

Does suing spammers work? For example, if you made a web-page that CLEARLY reads: If you agree to pay me $52,000, please send email to foo@bar.com. Consent of this contract will be shown by sending an email to that address, regardless of content.

Post this email NOWHERE else. Wait for a spider to come around and harvest... Is such a contract legally binding? I would think it would be, considering you can make online-payments and such, and those contracts are binding (i.e. if you promise to pay Amazon for your book, you have to do it, right?)

Re:Solution? (3, Informative)

reparteeist (533894) | more than 12 years ago | (#3023395)

Although there is no federal law, some states have them forbidding unsolicited spam. For the details in your area, go here. [spamlaws.com]

sneakemail (4, Informative)

doofsmack (537722) | more than 12 years ago | (#3023228)

That's exactly why I use sneakemail [sneakemail.com] . It gives you a random email address like asjglkjg176489@sneakemail.com. When an email is sent there, it goes to your inbox. You can have as many aliases as you want (They suggest 1 per site you sign up with). If you receive spam on one of them, you can just disable that alias. It's really great.

Re:sneakemail (2, Interesting)

Matthaeus (156071) | more than 12 years ago | (#3023303)

Qmail is also great for this. In its default setup, if a user has e-mail address foo@bar.com, he can use foo-baz@bar.com for any values of baz (e.g. foo-realplayer@bar.com, foo-amazon.com@bar.com, etc). No work on the part of the admin is required unless an account starts getting too much spam.

The Cutting Edge of Web-Crawling (2)

Rayonic (462789) | more than 12 years ago | (#3023232)

Apparently the cutting edge of harvesting web information (in this case e-mail addresses) is in the spam business. We all like to think that entities like Google are at the forefront of Web searching technology, but it seems like shadowy, unscrupulous advertising firms may be just ahead of the curve.

I know I'll get modded down for this, but I think there are a lot of parallels between this case and that of pornography (another somewhat shadowy industry that is often looked down upon, yet is always there to profit off of new technologies as soon as they become available.)

Solution (1)

t_allardyce (48447) | more than 12 years ago | (#3023242)

Couldn't someone use that method to come up with a list of ip's that run harvesting bots and then create a blacklist so the hosters could ban them.
also, more isp's should set-up (optional of course) server-side filters with spam blacklists. Most offer filter scripts, but not pre-loaded with the blacklists.

telemarketers (3, Funny)

Beowulf_Boy (239340) | more than 12 years ago | (#3023244)

I rarely ever got telemarketing calls.
Last week I applied for a telemarketing job.
Within hours I started getting calls, and I've gotten 5 a day since.

Re:telemarketers (5, Informative)

TheFlu (213162) | more than 12 years ago | (#3023334)

I have a similiar experience. I recently started participating in Spamcop.net's blacklisting effort...a few days after I started submitting SPAM to be blacklisted, for some reason, my daily SPAM intake has tripled. I'm not sure if it's just coincidence or what, but it doesn't please me. I hate to think of the reason why this has happened...


I'm seriously considering moving my mail servers over to using TMDA [libertine.org] , which I hear stops about 99% of SPAM. At this point, I have to do something.

Re:telemarketers (2, Insightful)

sholden (12227) | more than 12 years ago | (#3023385)


I rarely ever got telemarketing calls.
Last week I applied for a telemarketing job.
Within hours I started getting calls, and I've gotten 5 a day since.

Karma...

Get a Hotmail account (1)

Tremul (190113) | more than 12 years ago | (#3023271)

What's the big deal. Get an account on hotmail that you don't care about. Then whenver you sign up to buy anythign put that as your address. It's legal and it doesn't inconvenience you.

Re:Get a Hotmail account (1)

Penrod Pooch (466103) | more than 12 years ago | (#3023348)

Dude, using hotmail is a major inconvenience. If you have to respond to anything, the legitmate messsage will be buried among a gazillion spams. Especially since a bug in hotmail when you're using Mozilla means you have to delete the spam one at a time.

Re:Get a Hotmail account (2, Insightful)

g00z (81380) | more than 12 years ago | (#3023399)

Bah -- do what I do (and other smart people that run their own mailserver) -- set up an aliases list for your email address. Everytime you need to give somebody your email address (For required registrations and all the other stuff that makes the web annoying as hell these days) just make an alias to your "real" address, get your mail from the company, then go and remove that alias -- Voila! You got your registration ID or whatever, and now that company has a bunk email address that they can sell out to spammers, with no concequence to yourself.

As easy as proverbial pie.

Strong action (0)

Anonymous Coward | more than 12 years ago | (#3023280)

We should sentence every convicted spammer to a life sentence, as they cost a lot to companies and have no excuse. After 1 or 2 examples, I'd guess we wouldn't be spammed anymore.

central database for spam-blocking ?? (0)

Anonymous Coward | more than 12 years ago | (#3023306)

I'm a little behind the times on proposed solutions to spamsters. But one possibility would seem to be a central spam-blocking database where you put your email address - and then anyone sending you spam (however that is defined) without first querying the spam-blocking database would do so at their legal peril. Of course some Very Big Iron and Pipes would be needed to support real-time querying of the blocking database, and the spamsters would be forced to upgrade their evil technologies but as Lord Farquard (?) on Shrek says, thats a price I'm prepared to pay. Of course the database itself would be a spammer's delight, requiring truly punitive measures for any spammer who harvested from it - again a price I am prepared to pay.
Is any organization proposing such a centralized approach ?

Re:central database for spam-blocking ?? (2, Informative)

g00z (81380) | more than 12 years ago | (#3023361)

There already exists such a thing. Check out http://www.ordb.org/ and you can set up sendmail (Or whatever you use) to check their database for known open relays. If found out about this little gen when my mail server was found to have a hole in it. Only bumb deal about it is that now that I have the hole fixed, I can't seem to get my mailserver off their damn list. :)

But jokes aside, if you run a mailserver and want to block a good deal of spam, you should check out their site.

Re:central database for spam-blocking ?? (0)

Anonymous Coward | more than 12 years ago | (#3023391)

not quite the same thing - that puts the onus on me or worse, on my company's lazy-ass sysadmin people. and its only as good as the quality of the database. the spammers should take the hit and do the work.

Spam by unique email address (5, Interesting)

slashdot.org (321932) | more than 12 years ago | (#3023333)

I've been using the 'theirname@mydomain.com' technique whenever I provide an email to on-line stores.

I was amazed when I started receiving spam on 'premaritalagreement.com@mydomain.com' (only the mydomain is fake!) and I contact the people and they denied everything. But at least you can ban that email address and ban the company.

On the other hand it's funny when (for some reason) the company calls you to verify something, and they go over all the stuff and then get to the email. There was one person that just didn't get it: 'yeah, but that's OUR email address', recognizing her companies name. :o)

For those reasons some people generate an obfuscated (rot-13 for example) address.

In any case, the sad thing is that there's not much you can do against the companies that sell your email address, legally...
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>